Scareware, rogueware, fake anti-virus software... call it what you like, it's a real pain in the neck for many internet users today. Guest blogger Paul Ducklin, Sophos's head of technology in Asia Pacific, tackles the issue and provides advice on how you and your users can avoid it. Over to you, Paul...

Fake security programs seem to be making a lot of money these days.

These fakes follow a similar pattern. You are offered a free download, or a free on-line service, which will scan your computer for threats. Often, this so-called threat scanner preys on your fear, along the lines of claiming to "detect the threats which traditional security products miss".

Since the scanner claims to be free, there doesn't seem to be any harm in trying it. And, indeed, when you run it, it usually reports several (sometimes many) threats. Often, one or more of the threats reported will have a name which is quite well-known, and which you can find listed as genuinely dangerous on legitimate websites.

These fake threat scanners, and the websites which back them up, are generally both modern and professional looking. Up to this point, it's hard for a non-expert to tell that a scam is being played out.

The sting comes when you click the "cleanup" option. This part is not free! Now comes the time to pay! Prices vary, but $20-$40 is a common amount. You may even receive a "special offer" inviting you to pay more, typically $40-$70, for an additional software bundle, or for six months of upgrades, or for support, or for some claimed added value.

If you pay up, then you will be able to download a module which "removes" the threats which were detected before. At least, after you have paid and carried out "cleanup", the threats will no longer be reported. But there never was a real threat, nor was anything dangerous actually removed.

This begs the question: how do you tell whether you are being scammed or not? How do you tell whether to pay up or not?

Fortunately, there is an easy answer: don't pay!

Always refuse to buy security software which finds threats for free, but only cleans them up after you have paid.

You can safely avoid this sort of software because almost all legitimate security vendors allow you to download and to use their threat detection and removal tools for free.

And why not? Why would we want you to judge our product's value-for-money based on a version with half the features left out? Would you even consider buying a car if the test drive allowed you to start the engine and to drive off into traffic, but not then to use the steering wheel or the brakes?

(FX: traffic noise with loud horns, crunching metal and breaking glass, followed by sirens approaching from a distance.)

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog